'\" t
.\"     Title: pam_umask
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\"      Date: 11/22/2024
.\"    Manual: Linux-PAM Manual
.\"    Source: Linux-PAM
.\"  Language: English
.\"
.TH "PAM_UMASK" "8" "11/22/2024" "Linux\-PAM" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
pam_umask \- PAM module to set the file mode creation mask
.SH "SYNOPSIS"
.HP \w'\fBpam_umask\&.so\fR\ 'u
\fBpam_umask\&.so\fR [debug] [silent] [usergroups] [nousergroups] [umask=\fImask\fR]
.SH "DESCRIPTION"
.PP
pam_umask is a PAM module to set the file mode creation mask of the current environment\&. The umask affects the default permissions assigned to newly created files\&.
.PP
The PAM module tries to get the umask value from the following places in the following order:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
umask= entry in the user\*(Aqs GECOS field (see below for details)
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
umask= argument
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
UMASK entry from /etc/login\&.defs
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
UMASK= entry from /etc/default/login
.RE
.PP
The GECOS field is split on comma \*(Aq,\*(Aq characters\&. Entries must be set in its \*(Aqother\*(Aq (sub\-)field (the 5th field within the GECOS field), which could be done, for example, using
\fBchfn \-\-other\fR\&. In addition to the umask= entry, the module also recognizes the pri= entry, which sets the nice priority value for the session, and the ulimit= entry, which sets the maximum size of files the processes in the session can create\&.
.SH "OPTIONS"
.PP
.PP
debug
.RS 4
Print debug information\&.
.RE
.PP
silent
.RS 4
Don\*(Aqt print informative messages\&.
.RE
.PP
usergroups
.RS 4
If the user is not root and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007)\&.
.RE
.PP
nousergroups
.RS 4
This is the direct opposite of the usergroups option described above, which can be useful in case pam_umask has been compiled with usergroups enabled by default and you want to disable it at runtime\&.
.RE
.PP
umask=mask
.RS 4
Sets the calling process\*(Aqs file mode creation mask (umask) to
\fBmask\fR
& 0777\&. The value is interpreted as Octal\&.
.RE
.SH "MODULE TYPES PROVIDED"
.PP
Only the
\fBsession\fR
type is provided\&.
.SH "RETURN VALUES"
.PP
.PP
PAM_SUCCESS
.RS 4
The new umask was set successfully\&.
.RE
.PP
PAM_BUF_ERR
.RS 4
Memory buffer error\&.
.RE
.PP
PAM_CONV_ERR
.RS 4
The conversation method supplied by the application failed to obtain the username\&.
.RE
.PP
PAM_INCOMPLETE
.RS 4
The conversation method supplied by the application returned PAM_CONV_AGAIN\&.
.RE
.PP
PAM_SERVICE_ERR
.RS 4
No username was given\&.
.RE
.PP
PAM_USER_UNKNOWN
.RS 4
User not known\&.
.RE
.SH "EXAMPLES"
.PP
Add the following line to
/etc/pam\&.d/login
to set the user specific umask at login:
.sp
.if n \{\
.RS 4
.\}
.nf
        session optional pam_umask\&.so umask=0022
      
.fi
.if n \{\
.RE
.\}
.sp
.SH "SEE ALSO"
.PP
\fBpam.conf\fR(5),
\fBpam.d\fR(5),
\fBpam\fR(8)
.SH "AUTHOR"
.PP
pam_umask was written by Thorsten Kukuk <kukuk@thkukuk\&.de>\&.
